Details of VAR-201310-0497

ID

VAR-201310-0497

CVE

CVE-2013-5148

TITLE

Apple Keynote Vulnerabilities that gain access

Trust: 0.8

sources: JVNDB: JVNDB-2013-004872

DESCRIPTION

Apple Keynote before 6.0 does not properly handle the interaction between Keynote presentation mode and the Screen Lock implementation, which allows physically proximate attackers to obtain access by visiting an unattended workstation on which this mode was enabled during a sleep operation. Apple Keynote is prone to a security-bypass vulnerability. Local attackers can leverage this issue to bypass certain security restrictions and gain unauthorized access. Apple Keynote prior to 6.0 are vulnerable. The software can make slideshows and supports true 3D transformations, including cube rotation, card switching, dissolution, etc. An attacker in physical proximity could exploit this vulnerability by gaining access to an unattended workstation while the computer is asleep

Trust: 1.98

sources: NVD: CVE-2013-5148 // JVNDB: JVNDB-2013-004872 // BID: 63283 // VULHUB: VHN-65150

AFFECTED PRODUCTS

vendor:	apple	model:	keynote	scope:	eq	version:	5.0	Trust: 1.9
vendor:	apple	model:	keynote	scope:	eq	version:	5.0.2	Trust: 1.6
vendor:	apple	model:	keynote	scope:	eq	version:	5.0.5	Trust: 1.6
vendor:	apple	model:	keynote	scope:	eq	version:	5.0.4	Trust: 1.6
vendor:	apple	model:	keynote	scope:	eq	version:	5.2	Trust: 1.6
vendor:	apple	model:	keynote	scope:	eq	version:	5.1	Trust: 1.6
vendor:	apple	model:	keynote	scope:	eq	version:	5.0.3	Trust: 1.6
vendor:	apple	model:	keynote	scope:	eq	version:	5.1.1	Trust: 1.6
vendor:	apple	model:	keynote	scope:	eq	version:	5.0.1	Trust: 1.6
vendor:	apple	model:	keynote	scope:	lte	version:	5.3	Trust: 1.0
vendor:	apple	model:	keynote	scope:	lt	version:	6.0 (apple mac os x v10.9 or later )	Trust: 0.8
vendor:	apple	model:	keynote	scope:	eq	version:	5.3	Trust: 0.6
vendor:	apple	model:	keynote	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	apple	model:	keynote	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	keynote	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	keynote	scope:	ne	version:	6.0	Trust: 0.3

sources: BID: 63283 // JVNDB: JVNDB-2013-004872 // CNNVD: CNNVD-201310-608 // NVD: CVE-2013-5148

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5148
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-5148
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201310-608
value:	HIGH
Trust: 0.6
VULHUB:	VHN-65150
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-5148
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-65150
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-65150 // JVNDB: JVNDB-2013-004872 // CNNVD: CNNVD-201310-608 // NVD: CVE-2013-5148

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-65150 // JVNDB: JVNDB-2013-004872 // NVD: CVE-2013-5148

THREAT TYPE

local

Trust: 0.9

sources: BID: 63283 // CNNVD: CNNVD-201310-608

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201310-608

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004872

PATCH

title:	APPLE-SA-2013-10-22-4	url:	http://lists.apple.com/archives/security-announce/2013/Oct/msg00005.html	Trust: 0.8
title:	HT6002	url:	http://support.apple.com/kb/HT6002	Trust: 0.8
title:	HT6002	url:	http://support.apple.com/kb/HT6002?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2013-004872

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5148	Trust: 2.8
db:	JVN	id:	JVNVU95174988	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-004872	Trust: 0.8
db:	CNNVD	id:	CNNVD-201310-608	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2013-10-22-4	Trust: 0.6
db:	BID	id:	63283	Trust: 0.4
db:	VULHUB	id:	VHN-65150	Trust: 0.1

sources: VULHUB: VHN-65150 // BID: 63283 // JVNDB: JVNDB-2013-004872 // CNNVD: CNNVD-201310-608 // NVD: CVE-2013-5148

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2013/oct/msg00005.html	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5148	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu95174988/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5148	Trust: 0.8
url:	http://www.apple.com/ios/keynote/?cid=wwa-us-kwg-features-com	Trust: 0.3
url:	http://software.cisco.com/download/navigator.html?mdfid=283613663	Trust: 0.3

sources: VULHUB: VHN-65150 // BID: 63283 // JVNDB: JVNDB-2013-004872 // CNNVD: CNNVD-201310-608 // NVD: CVE-2013-5148

CREDITS

Vendor reported this issue.

Trust: 0.3

sources: BID: 63283

SOURCES

db:	VULHUB	id:	VHN-65150
db:	BID	id:	63283
db:	JVNDB	id:	JVNDB-2013-004872
db:	CNNVD	id:	CNNVD-201310-608
db:	NVD	id:	CVE-2013-5148

LAST UPDATE DATE

2025-04-11T20:06:34.173000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-65150	date:	2013-10-24T00:00:00
db:	BID	id:	63283	date:	2013-10-22T00:00:00
db:	JVNDB	id:	JVNDB-2013-004872	date:	2013-10-31T00:00:00
db:	CNNVD	id:	CNNVD-201310-608	date:	2013-10-25T00:00:00
db:	NVD	id:	CVE-2013-5148	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-65150	date:	2013-10-24T00:00:00
db:	BID	id:	63283	date:	2013-10-22T00:00:00
db:	JVNDB	id:	JVNDB-2013-004872	date:	2013-10-25T00:00:00
db:	CNNVD	id:	CNNVD-201310-608	date:	2013-10-25T00:00:00
db:	NVD	id:	CVE-2013-5148	date:	2013-10-24T10:53:09.757